A Multi-Tiered Framework for Insider Threat Prevention

被引:16
|
作者
Alsowail, Rakan A. [1 ]
Al-Shehari, Taher [1 ]
机构
[1] King Saud Univ, Riyadh 11362, Saudi Arabia
关键词
insider threat prevention; multi-tiered approach; information security; data privacy; ACCESS-CONTROL; INFORMATION;
D O I
10.3390/electronics10091005
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
As technologies are rapidly evolving and becoming a crucial part of our lives, security and privacy issues have been increasing significantly. Public and private organizations have highly confidential data, such as bank accounts, military and business secrets, etc. Currently, the competition between organizations is significantly higher than before, which triggers sensitive organizations to spend an excessive volume of their budget to keep their assets secured from potential threats. Insider threats are more dangerous than external ones, as insiders have a legitimate access to their organization's assets. Thus, previous approaches focused on some individual factors to address insider threat problems (e.g., technical profiling), but a broader integrative perspective is needed. In this paper, we propose a unified framework that incorporates various factors of the insider threat context (technical, psychological, behavioral and cognitive). The framework is based on a multi-tiered approach that encompasses pre, in and post-countermeasures to address insider threats in an all-encompassing perspective. It considers multiple factors that surround the lifespan of insiders' employment, from the pre-joining of insiders to an organization until after they leave. The framework is utilized on real-world insider threat cases. It is also compared with previous work to highlight how our framework extends and complements the existing frameworks. The real value of our framework is that it brings together the various aspects of insider threat problems based on real-world cases and relevant literature. This can therefore act as a platform for general understanding of insider threat problems, and pave the way to model a holistic insider threat prevention system.
引用
收藏
页数:29
相关论文
共 50 条
  • [1] A Multi-Tiered Optimization Framework for Heterogeneous Computing
    Milluzzi, Andrew
    Richardson, Justin
    George, Alan
    Lam, Herman
    2014 IEEE HIGH PERFORMANCE EXTREME COMPUTING CONFERENCE (HPEC), 2014,
  • [2] A multi-tiered framework for Virtual Instrumentation System (VIS)
    Sen Gupta, G.
    Buhler, A.
    Demidenko, S.
    Messom, C. H.
    Mukhopadhyay, S. C.
    2006 IEEE INSTRUMENTATION AND MEASUREMENT TECHNOLOGY CONFERENCE PROCEEDINGS, VOLS 1-5, 2006, : 976 - +
  • [3] MeshMon: a multi-tiered framework for wireless mesh network monitoring
    Raghavendra, Ramya
    Acharya, Prashanth
    Belding, Elizabeth M.
    Almeroth, Kevin C.
    WIRELESS COMMUNICATIONS & MOBILE COMPUTING, 2011, 11 (08): : 1182 - 1196
  • [4] Implementing a multi-tiered framework for building NDLTD-Taiwan
    Chiang, Chia-Ning
    Wang, Hung-Te
    Lin, An-Chi
    LIBRARY MANAGEMENT, 2014, 35 (4-5) : 329 - 344
  • [5] Technology-based multi-tiered building diagnosis framework
    Faqih, Faisal
    Zayed, Tarek
    Alfalah, Ghasan
    INTERNATIONAL JOURNAL OF BUILDING PATHOLOGY AND ADAPTATION, 2022, 40 (01) : 101 - 133
  • [6] MeshMon: A Multi-tiered Framework for Wireless Mesh Network Monitoring
    Raghavendra, Ramya
    Acharya, Prashanth
    Belding, Elizabeth M.
    Almeroth, Kevin C.
    MOBIHOC S3 09, 2009, : 45 - 47
  • [7] Multi-tiered database clusters
    Kripac, Miroslav
    Brandejs, Michal
    3rd International Conference on Computing, Communications and Control Technologies, Vol 1, Proceedings, 2005, : 113 - 117
  • [8] MULTI-TIERED TERRORISM IN PERU
    RATNER, RS
    CRIMES BY THE CAPITALIST STATE: AN INTRODUCTION TO STATE CRIMINALITY, 1991, : 101 - 127
  • [9] Design and implementation of a framework development platform for multi-tiered web applications
    Jiang, Minghua
    Liu, Yuanmin
    Hu, Ming
    GENERAL SYSTEM AND CONTROL SYSTEM, VOL I, 2007, : 241 - 244
  • [10] The architecture of a multi-tiered virtual observatory
    Todd King
    Jan Merka
    Raymond Walker
    Steven Joy
    Tom Narock
    Earth Science Informatics, 2008, 1 : 21 - 28